Re: [PATCH] firmware: vpd: Fix section enabled flag on vpd_section_destroy

From: Guenter Roeck
Date: Mon Jul 23 2018 - 13:13:42 EST

Next message: Liang, Kan: "Re: [PATCH 3/4] perf/x86/intel/ds: Handle PEBS overflow for fixed counters"
Previous message: Lyude Paul: "[PATCH] drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs"
In reply to: Dmitry Torokhov: "Re: [PATCH] firmware: vpd: Fix section enabled flag on vpd_section_destroy"
Next in thread: Dmitry Torokhov: "Re: [PATCH] firmware: vpd: Fix section enabled flag on vpd_section_destroy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jul 23, 2018 at 07:48:57PM +0300, Anton Vasilyev wrote:
> static struct ro_vpd and rw_vpd are initialized by vpd_sections_init()
> in vpd_probe() based on header's ro and rw sizes.
> In vpd_remove() vpd_section_destroy() performs deinitialization based
> on enabled flag, which is set to true by vpd_sections_init().
> This leads to call of vpd_section_destroy() on already destroyed section
> for probe-release-probe-release sequence if first probe performs
> ro_vpd initialization and second probe does not initialize it.
>

I am not sure if the situation described can be seen in the first place.
The second probe would only not perform ro_vpd initialization if it fails
prior to that, ie if it fails to allocate memory or if there is a
consistency problem. In that case the remove function would not be called.

However, there is a problem in the code: A partially failed probe will
leave the system in inconsistent state. Example: ro section initializes,
rw section fails to initialize. The probe will fail, but the ro section
will not be destroyed, its sysfs attributes still exist, and its memory
is still mapped. It would make more sense to fix _that_ problem.
Essentially, vpd_sections_init() should clean up after itself after it
fails to initialize a section.

Note that I am not convinced that the "enabled" flag is needed in the first
place. It is only relevant if vpd_section_destroy() is called, which only
happens from the remove function. The remove function is only called if the
probe function succeeded. In that case it is always set for both sections.

Thanks,
Guenter

> The patch adds changing enabled flag on vpd_section_destroy.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Anton Vasilyev <vasilyev@xxxxxxxxx>
> ---
> drivers/firmware/google/vpd.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/firmware/google/vpd.c b/drivers/firmware/google/vpd.c
> index e9db895916c3..5347c17c7108 100644
> --- a/drivers/firmware/google/vpd.c
> +++ b/drivers/firmware/google/vpd.c
> @@ -246,6 +246,7 @@ static int vpd_section_destroy(struct vpd_section *sec)
> sysfs_remove_bin_file(vpd_kobj, &sec->bin_attr);
> kfree(sec->raw_name);
> memunmap(sec->baseaddr);
> + sec->enabled = false;
> }
>
> return 0;
> --
> 2.18.0
>

Next message: Liang, Kan: "Re: [PATCH 3/4] perf/x86/intel/ds: Handle PEBS overflow for fixed counters"
Previous message: Lyude Paul: "[PATCH] drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs"
In reply to: Dmitry Torokhov: "Re: [PATCH] firmware: vpd: Fix section enabled flag on vpd_section_destroy"
Next in thread: Dmitry Torokhov: "Re: [PATCH] firmware: vpd: Fix section enabled flag on vpd_section_destroy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]